earned patent term adjustment. See 37 CFR 1.704(b).
1) □ Responsive to communication(s) filed on 11/28/2008.
2a )^ This action is FINAL. 2b)n This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.
4) n Claim(s) 1-29 and 40-51 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) 0 Claim(s) 1-29 and 40-51 is/are rejected. 
8) 0 Claim(s) are subject to restriction and/or election requirement.

DETAILED ACTION

CLAIMS PRESENTED 

Claims 1-29, 40-51 are presented. 

Response to Arguments 

Applicant's arguments filed have been fully considered but they are not 
persuasive. 

As noted in a previous Office Action, the allowable subject matter concerned 
content-level monitoring and trending of a network comprising mining of the packet 
database. Yet, the presented claims no longer have any of these features. 
Furthermore, all claims in the record are now significantly broader than claim 25 of the 
original filing. That claim was noted as clearly anticipated by admissions over the prior 
art. 

"Changing over time" was explicitly noted in a previous Office Action as to be
novel if this "changing over time" was not historical. In the context of the new claims
1-29, 40-51, this phrase "changing over time" is used in such a way that would refer to
historical data. As noted by Applicant in the specification, the prior art already had
packet analysis, real-time functioning, and changing content. Indeed, as Applicant
noted, there is an entire body of knowledge regarding these matters. See, for instance,
the entire bibliography of books and articles that Applicant has cited in the specification.
In particular, the newly presented claims are precisely directed to the pieces of prior art
that is discussed in page 6 of the revised specification.

As noted in a previous Office Action, the allowable subject matter was already
noted. The cancelled limitations, such as the limitations cancelled from claim 1, are the 
allowable subject matter. 

CLAIM REJECTIONS 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless -

(a) the invention was known or used by others in this country, or patented or described
in a printed publication in this or a foreign country, before the invention thereof by the 
applicant for a patent. 

Claims 1-29, 40-51 are rejected under 35 U.S.C. 102(a) as being clearly 
anticipated by admissions over the prior art. 

The prior art, as discussed in the specification (and not merely discussed in the 
first few pages), refer to the previous types of analysis of anomalies. These anomalies, 
as noted by Applicant, already had packet analysis, real-time functioning, and changing 
content. Indeed, as Applicant noted, there is an entire body of knowledge regarding 
these matters. See, for instance, the entire bibliography of books and articles that
Applicant has cited in the specification. 

Some of the claims (claims 1-29, 40-51 generally) recite packet analysis. This 
alone is not sufficient because the prior art (as admitted by Applicant) does acquire data 
from packets. See page 6 of the specification. Some of the claims (claims 1-29, 40-51 
generally) recite real-time functioning. This alone is not sufficient because the prior art
does some (albeit not all of the functions as in claim 1) functions in real-time. See, for
instance, the discussion regarding intrusion detection, such as from Escamilla,
Lippman, LaPadula, etc. that are noted in the specification. Note the Intrusion detection 
work in real-time. 

Claim 1: A method of performing an application layer semantic analysis to detect
information access anomalies (the first paragraph, page 6 of the specification of this
application which directly mentions such analysis to be "classical."),
comprising: a) capturing data packets on the network; b) filtering the captured data
packets to detect information content; c) processing packets based on semantics of
an application or protocol; d) generating a quantitative representation; (the second
paragraph, page 6 of the specification of this application which directly mentions such
statistical techniques to be "classical")

e) deriving a content signature from the quantitative representation; f) deriving a 
prototypical model of that includes a frequency view of a set of content signatures 
accessed by a given user, where the set of content signatures are indicative of content 
that is changing over time; and g) detecting an information access anomaly by detecting 
a given deviation from the prototypical model (the third paragraph, page 6 of the
specification of this application which directly mentions such use of historical data to be 
"classical.") 

Claims 2-29, 41-48: these features, as discussed in the previous Office Actions, were 
already noted by Applicant to be prior art. See page 6 of the specification. 

49. A computer-implemented method of detecting an information access anomaly,
comprising: monitoring data packets indicative of changing content over time;
generating a prototypical model; and performing a semantic analysis against the
prototypical model to identify an application level information access anomaly (the third
paragraph, page 6 of the specification of this application which directly mentions such
use of historical data to be "classical.").

50. A computer program product comprising a computer-readable storage medium 
encoded with processor-executable program instructions for implementing the method 
of claim 49. 

This was already noted as prior art. The specification already mentions a 
computer - which would necessarily have these features. 

51. Apparatus including a processor and a computer-readable storage medium,
the computer-readable storage medium encoded with processor-executable program 
instructions for implementing the method of claim 49. 

This was already noted as prior art. The specification already mentions a 
computer - which would necessarily have these features. 



Conclusion 

1. Applicant's amendment necessitated the new ground(s) of rejection presented in
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the date of this final action.

The art made of record and not relied upon is considered pertinent to applicant's 
disclosure. The art disclosed general background. 

Points of Contact 

Any response to this action should be mailed to: 



Commissioner for Patents 
Alexandria, VA 22313. 

or faxed to:

(571) 273-8300, (for formal communications intended for entry) 
Or: 

(571) 273-3836 (for informal or draft communications, please label "PROPOSED" or
"DRAFT") 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David Jung whose telephone number is (571) 272-3836 
or Kambiz Zand whose telephone number is (571) 272-3811.



/David Y Jung/ 

Acting Examiner of Art Unit 2434 
David Jung 



Patent Examiner 